Bludit API Vulnerability: Predictable Token Generation Exposes Sensitive Data
CVE-2024-24554

Currently unrated

Key Information:

Vendor: Bludit
Status: Bludit
Vendor: CVE Published:; 24 June 2024

What is CVE-2024-24554?

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

Affected Version(s)

Bludit Linux 2.0

References

https://www.redguard.ch/blog/2024/06/20/security-advisory...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2024
Vulnerability Reserved
Jan 25, 2024

Credit

Andreas Pfefferle, Redguard AG

JSON